Northern Ireland

Ulster Bank fined £2.75m over IT meltdown

Ulster Image copyright PA

Ulster Bank has been fined £2.75m (3.5m euros) by the Central Bank of Ireland over a 2012 IT meltdown which left around 600,000 customers unable to use their accounts for up to a month.

It was caused by a computer failure in the overnight processing of account information.

The fine on the RBS-owned bank is the largest imposed by the Central Bank.

Ulster Bank said it accepted the findings. It has paid 59m euros (£46m) in compensation to affected customers.

RBS-owned Ulster Bank operates in both Northern Ireland and the Republic of Ireland.

It is likely to face a further substantial fine from the UK's Financial Conduct Authority in relation to the Northern Ireland part of the bank .

The Central Bank's investigation found a major failing in the outsourcing of Ulster Bank's IT systems.

Its director of enforcement, Derville Rowland, said the IT failing as a "major breakdown" which had caused "unprecedented disruption".


Image copyright PA

Analysis: BBC NI economics editor John Campbell

It's June 2012 and an unprecedented IT fiasco is unfolding at Ulster Bank.

Various senior managers are sent out in front of the cameras in a vain attempt to reassure customers they're on top of the problem.

But now it's clear, they weren't. They were being fed duff information and the investigation is crystal clear - the roots of this ignorance lay in the outsourcing of the bank's IT systems.

When the IT systems fell over the finger of blame was pointed at the decision of Ulster's parent company, RBS, to outsource IT work to contractors in India.

However, the Central Bank of Ireland report does not deal with that issue and instead it looks at "intra-group outsourcing".

In 2005, Ulster Bank's IT services, including management and risk assessment was outsourced to the RBS Group.

Over time that meant that Ulster Bank management did not have oversight or even a proper understanding of the IT system on which its business depends.

We'll have to wait for another report from the UK's Financial Conduct Authority to assess if the further outsourcing step to India also contributed to this sorry episode.

Read more


'Systemic weaknesses'

In 2005, Ulster Bank's IT was outsourced to the wider RBS Group.

The investigation found "systemic weaknesses" in Ulster Bank's governance arrangements in relation to the outsourcing.

Those weaknesses meant the bank did not have a proper understanding of the IT infrastructure on which its business operated.

It also did not understand the risks associated with that infrastructure and the software used to process its customers' banking transactions.

The investigation also found there was no appropriate contingency plan in place to enable the bank to recover quickly from a problem like the 2012 incident.

Ulster Bank chief executive Jim Brown accepted the Central Bank's findings in full.

He said Ulster Bank had invested in its IT systems to "significantly improve" their resilience.

That included that the establishment of a "mirror bank" enabling transactions to still be processed while systems were recovered.

Larry Broderick, the general secretary of the Irish Bank Officials' Association (IBOA), which represents bank workers, said the comments made by Ms Rowland offered "some timely guidance on the future for all financial institutions".

"Her remarks on the pivotal role played by information technology in modern banking are welcome - as are her comments on the need for the banking system to have robust IT governance arrangements to ensure continuity of service," he said.

"The Ulster Bank incident highlights that there are major risks inherent in devolving control of core technological operations beyond the immediate control of the institution.

"If being part of the same banking group is not enough to guarantee continuity of service, then surely relationships with third-party service providers must be even less certain."


More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites